Rogue AP detection
Abstract
Methods, systems and computer readable media for rogue access point detection are disclosed. In some implementations, the method can include initiating, at one or more processors of a wireless controller, a rogue access point detection process for a wireless network, and transmitting, from the one or more processors, a signature frame to a mobility agent in a wireless switch. The method can also include receiving, at an authorized access point, the signature frame transmitted via a wireless signal from a rogue access point. The method can further include reporting reception of the signature frame to the wireless controller, and generating, at the one or more processors, a signal to shut down a port associated with the rogue access point.
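The flow in the abstract, as an added Python sketch that is not code from the patent: an authorized AP keeps the signature frame off its radio, reports one heard over the air, and the controller maps the report to a switch port. The wire layout, the `SIGF` marker, all function names, and the controller's check that a reported signature is one it issued are assumptions; the page specifies none of them.

```python
import struct

# Assumed wire layout (the page gives none): 4-byte marker, 6-byte switch ID,
# 2-byte port ID, 2-byte VLAN ID, network byte order.
MARKER, LAYOUT = b"SIGF", "!4s6sHH"

def build_signature(switch_id: bytes, port: int, vlan: int) -> bytes:
    """Frame the mobility agent sends out of one switch port."""
    return struct.pack(LAYOUT, MARKER, switch_id, port, vlan)

def parse_signature(payload: bytes):
    """Return (switch, port, vlan) if the payload matches the pattern, else None."""
    if len(payload) < struct.calcsize(LAYOUT):
        return None  # truncated or unrelated frame
    marker, switch_id, port, vlan = struct.unpack_from(LAYOUT, payload)
    return (switch_id.hex(":"), port, vlan) if marker == MARKER else None

def bridge_to_radio(wired_payload: bytes) -> bool:
    """Authorized AP, wired side: suppress signature frames, forward the rest."""
    return parse_signature(wired_payload) is None

def on_radio_frame(reporter: str, transmitter: str, payload: bytes):
    """Authorized AP, radio side: a signature heard over the air was bridged
    by some other AP, so build the report for the wireless controller."""
    sig = parse_signature(payload)
    if sig is None:
        return None
    return {"reporter": reporter, "ap": transmitter,
            "switch": sig[0], "port": sig[1], "vlan": sig[2]}

class Controller:
    def __init__(self):
        self.issued = set()  # signatures this controller handed to mobility agents

    def issue(self, switch_id: bytes, port: int, vlan: int) -> bytes:
        frame = build_signature(switch_id, port, vlan)
        self.issued.add(parse_signature(frame))
        return frame

    def handle_report(self, report: dict):
        """Return the (switch, port) to shut down; None for a signature never issued."""
        key = (report["switch"], report["port"], report["vlan"])
        return (report["switch"], report["port"]) if key in self.issued else None

def demo():
    """Constructed run: the frame for port 7 reaches the air via an unknown AP."""
    ctl = Controller()
    frame = ctl.issue(bytes.fromhex("00aabbccdd01"), 7, 20)
    report = on_radio_frame("ap-lobby", "02:00:00:00:00:99", frame)
    return bridge_to_radio(frame), ctl.handle_report(report)
```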
18 Claims
1. A method comprising:
- receiving, at a first access point, a first signature frame transmitted by a mobility agent of a wireless switch, wherein the signature frame includes a first switch identifier, a first port identifier, and a first virtual local area network (VLAN) identifier, wherein the signature frame further includes wireless switch identification and physical port identification;
- preventing transmission of the first signature frame from a wireless interface of the first access point based on a first pattern of data in the first signature frame;
- receiving, at the first access point, a second signature frame transmitted via a wireless signal from a second access point; and
- reporting, by the first access point, reception of the second signature frame to a wireless controller, wherein the reporting includes reporting, to the wireless controller, an identification of the second access point, and a wireless switch and a physical port the second access point is connected to.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising one or more processors configured to perform operations comprising:
- receiving, at a first access point, a first signature frame transmitted by a mobility agent of a wireless switch, wherein the signature frame includes a first switch identifier, a first port identifier, and a first virtual local area network (VLAN) identifier, wherein the signature frame further includes wireless switch identification and physical port identification;
- preventing transmission of the first signature frame from a wireless interface of the first access point based on a first pattern of data in the first signature frame;
- receiving, at the first access point, a second signature frame transmitted via a wireless signal from a second access point; and
- reporting, by the first access point, reception of the second signature frame to a wireless controller, wherein the reporting includes reporting, to the wireless controller, an identification of the second access point, and a wireless switch and a physical port the second access point is connected to.
Dependent claims: 8, 9, 10, 11, 12
13. A nontransitory computer readable medium having stored thereon instructions that, when executed by a processor of a wireless controller, cause the processor to perform operations comprising:
- receiving, at a first access point, a first signature frame transmitted by a mobility agent of a wireless switch, wherein the first signature frame includes a first switch identifier, a first port identifier, and a first (virtual local area network) VLAN identifier, wherein the signature frame further includes wireless switch identification and physical port identification;
- preventing transmission of the signature frame from a wireless interface of the first access point based on a first pattern of data in the first signature frame;
- receiving, at the first access point, a second signature frame transmitted via a wireless signal from a second access point; and
- reporting, by the first access point, reception of the second signature frame to a wireless controller, wherein the reporting includes reporting, to the wireless controller, an identification of the second access point, and a wireless switch and a physical port the second access point is connected to.
Dependent claims: 14, 15, 16, 17, 18
Specification